CVE-2021-45836

2022-04-2510:41:38

mitre

www.cve.org

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.9%

JSON

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.

References

thatsn0tmy.site/posts/2021/12/how-to-summon-rces/